Experts reveal methods, motivations behind Moscow's cyber attacks

Russia is engaged in wide-ranging information warfare operations aimed at undermining the United States, and the federal government has few defenses against the attacks, information specialists told a Senate hearing last week.

Moscow's large-scale operations include the covert attempt to sway the 2016 presidential election and dissemination of false news reports to sow confusion and weaken American democracy, according to testimony before the Senate Select Committee on Intelligence Thursday.

The committee hearing was called as part of an investigation into the Russian campaign to influence the 2016 election.

In addition to the hacking and leaking campaign during the election, Russian intelligence agencies engaged in covert influence operations that falsely reported terrorist attacks in the United States and against the key U.S. military base in Incirlik, Turkey.

The Russian government also backed the Occupy Wall Street protest movement and trumpeted racially charged news to sow social unrest.

The federal government has been unable to stop Moscow's propaganda and influence operations. Likewise, it has failed to counter cyber attacks aimed at stealing data or sabotaging critical networks.

"Americans should be concerned because right now a foreign country, whether they realize it or not, is pitting them against their neighbor, other political parties, ramping up divisions based on things that aren't true," said Clint Watts, a cyber security expert and former FBI special agent.

"If they can do that, if Americans don't believe that their vote counts, they're not going to show up to participate in democracy," said Watts, a senior fellow at the Foreign Policy Research Institute.

Retired Gen. Keith Alexander, former director of the National Security Agency, said the United States lacks a strategy for dealing with information warfare and adequate defenses for protecting private sector infrastructure from attacks.

"The consequence is if there were a massive attack, we'd have to go back and get authority to act," Alexander said. "Where, if it were missiles coming in, we already have rules of engagement. So, I think we need to step that up as well."

Alexander, who once led the military's Cyber Command, lamented that the military "wouldn't have the right people set up to react" to a major cyber attack.

"The American public, indeed all democratic societies, need to understand that malign actors are using old techniques with new platforms to undermine our democratic institutions," said Sen. Richard Burr (R., N.C.), the committee chairman.

"We're all targets of a sophisticated and capable adversary and we must engage in a whole of government approach to combat Russian active measures," Burr added.

"Active measures" is the term used to describe asymmetric warfare activities that combine propaganda and media disinformation with cyber operations to achieve foreign policy objectives.

The Russian election campaign hacked key political figures and institutions, notably the Democratic National Committee. A U.S. intelligence community assessment of the influence campaign concluded in January that the Russians sought to discredit Democratic nominee Hillary Clinton and assist Republican nominee Donald Trump.

Cyber attacks were carried out by the FSB civilian security service backed by hackers working for the GRU military spy agency.

Information obtained from the cyber attacks was leaked to Russian-affiliated news outlets DCLeaks.com and WikiLeaks using a Russian online persona called Guccifer 2.0. Russian intelligence also exploited state-linked propaganda outlets RT and Sputnik to spread false information aimed at sowing discord in America.

The Russian government was able to manipulate key social media outlets such as Twitter and Facebook to cause topics favorable to Moscow's policies to trend on the Internet. Russia employs thousands of Internet trolls and botnet computers to tilt social media trends in its favor.

Cyber security expert Thomas Rid said the Russians use Internet trolls and botnets to flood the zone with disinformation during influence operations.

"The Russians were able to flood the zone, actually not in a broad-based [way] across the whole country, but literally target it down to precinct levels in certain states," he said.

The operations succeeded in fooling major mainstream media outlets into parroting Russian disinformation against the United States.

Russia is using many of the same tactics against American allies in Europe and is expected to resume its disinformation campaign in the United States ahead of future elections.

FBI Director James Comey disclosed to Congress on March 20 that bureau counterintelligence agents are investigating links between Trump campaign aides and the Russian government. So far, no evidence of such links has surfaced.

Eugene Rumer, former U.S. national intelligence officer for Russia and Eurasia between 2010 and 2014, testified that it is not necessary to publicly disclose technical evidence of Russian election meddling.

"It is the totality of Russian efforts in plain sight to mislead, to misinform, to exaggerate that is more convincing than any cyber evidence," Rumer said. "RT, Russia Today, broadcasts, internet trolls, fake news and so on are an integral part of Russian foreign policy to date."

Rumer said Russia remains weak militarily despite modernization and a growing nuclear arsenal. However, he noted that "Russian leaders have embraced a different toolkit, information warfare, intimidation, espionage, economic tools, and so on."

The Russian influence campaign is viewed by Moscow as an unqualified success, he added.

"The payoffs include but are not limited to, one, a major distraction to the United States, for the United States, damage to U.S. leadership in the world, and perhaps most importantly the demonstration effect: If the Kremlin can do this to the world's sole remaining global superpower imagine how other countries see it," Rumer said.

Other Russian influence campaigns have included efforts to skew online White House petitions, such as a petition calling for Alaska to be returned to Russia, spread false claims the military is preparing for martial law in the United States, and sow hatred and discord by backing the Black Lives Matter protests and land disputes in the western United States.

"Russia hopes to win the second Cold War through the force of politics, as opposed to the politics of forces," Watts said.

He added that Russia's goal is to topple democracies by undermining governments, fostering social division, and creating confusion about information sources by blurring the lines between fact and fiction.

Russian disinformation has included political messages and propaganda aimed at tarnishing leaders and institutions, especially financial markets and capitalist economies.

The Russians also have used "gray" propaganda outlets that promote conspiracy theories and are financed and led by Russians.

Russian propaganda promoted a false story on July 30 that the U.S. air base in Incirlik, Turkey, which stores nuclear weapons, had been overrun by terrorists. More than 4,000 tweets were used to promote the Russian disinformation.

Watts said the U.S. intelligence community has failed to deal with disinformation and is overly focused on terrorism and counterintelligence.

"The U.S., in failing to respond to active measures, will surrender its position as the world's leader, forgo its role as chief promoter and defender of democracy, and give up on over 70 years of collective action to preserve freedom and civil liberties around the world," Watts said.

"The intel community in the United States is very biased against open source information," he said. "And has been surprised repeatedly."

Social media companies and journalists also are failing to deal with foreign disinformation.

"The media needs to improve. Our U.S. government institutions need to improve and we got to help Americans understand what the facts are, because if we don't, we are lost," Watts said.

"We'll become two separate, maybe three separate worlds in the United States just because of this little bitty pinprick that was put in by a foreign country."

The State Department and Department of Homeland Security need to create mechanisms capable of rapidly refuting disinformation, he said.

Watts said the Russians are winning at cyber and information warfare because they have "great propagandists" and hackers.

"We, on the other hand, worry a lot about who we're going to bring into the cyber field because they might have smoked weed one day or they can't pass a security clearance," he said.

Kevin Mandia, head of the cyber security firm FireEye, said technical analysis of the Russian cyber intrusions revealed sophisticated malware and techniques used by Moscow in its cyber attacks.

"So there is a huge infrastructure, comprised of machines or false fronts or organizations that are used for these attacks," he said. "And we found over 500 of those. We've analyzed over 70 lure documents written in many different languages. And these are the documents that you receive during a spear phishing [attack], and they're armed documents."

Alexander said the United States needs to engage Russia diplomatically while confronting it using intelligence capabilities.

"We have to come up with a way of sharing threat intelligence information at network speed and practicing what our government and industry do together and work that with our allies," Alexander said.

"I believe we can do this and protect civil liberties and privacy," he said. "I think we often convolve those two, but we can actually separate and show that you can do both."

Bill Gertz is senior editor of the Washington Free Beacon. Prior to joining the Beacon he was a national security reporter, editor, and columnist for 27 years at the Washington Times. Bill is the author of seven books, four of which were national bestsellers. His most recent book was iWar: War and Peace in the Information Age, a look at information warfare in its many forms and the enemies that are waging it. Bill has an international reputation. Vyacheslav Trubnikov, head of the Russian Foreign Intelligence Service, once called him a “tool of the CIA” after he wrote an article exposing Russian intelligence operations in the Balkans. A senior CIA official once threatened to have a cruise missile fired at his desk after he wrote a column critical of the CIA’s analysis of China. And China’s communist government has criticized him for news reports exposing China’s weapons and missile sales to rogue states. The state-run Xinhua news agency in 2006 identified Bill as the No. 1 “anti-China expert” in the world. Bill insists he is very much pro-China: pro-Chinese people and opposed to the communist system. Former Defense Secretary Donald H. Rumsfeld once told him: “You are drilling holes in the Pentagon and sucking out information.” His Twitter handle is @BillGertz.